Lucene search

[email protected]NVD:CVE-2015-2907

HistoryAug 23, 2015 - 9:59 p.m.

CVE-2015-2907

2015-08-2321:59:04

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.

Affected configurations

NVD

Node

mobile_devicesc4_obd-ii_dongle_firmwareRange≤3.4

References

www.kb.cert.org/vuls/id/209512

www.usenix.org/conference/woot15/workshop-program/presentation/foster

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for NVD:CVE-2015-2907

prion1 cvelist1 cve1 cert1